Remoting WildFly Subsystem Concepts: Difference between revisions
Line 2: | Line 2: | ||
* [[Remoting WildFly Subsystem]] | * [[Remoting WildFly Subsystem]] | ||
=Remoting and the Management Interfaces= | |||
<font color=red>TODO: clarify the relationship between the remoting subsystem and the instance's management interfaces.</font> | |||
=Security= | =Security= |
Revision as of 17:25, 18 October 2016
Internal
Remoting and the Management Interfaces
TODO: clarify the relationship between the remoting subsystem and the instance's management interfaces.
Security
Remoting connection attempts are authenticated against a configurable set of authentication mechanisms.
The presence of the 'security-realm' attribute in the remoting connector configuration triggers authentication enforcement within the remoting service, by initializing the list of authentication mechanisms to those contributed by the security realm.
For EAP 6:
<subsystem xmlns="urn:jboss:domain:remoting:1.1"> <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/> </subsystem>
For EAP 7:
TODO
The "ApplicationRealm" security realm employs "DIGEST" and "LOCAL" security mechanisms.
For more details on the local authentication mechanism see the 'LOCAL' authentication mechanism.
Removing 'security-realm="ApplicationRealm"' from the remoting connector configuration ends up in the installation of the "ANONYMOUS" authentication mechanism, which enforces no authentication.
For more details on configuring security-realm see security-realm.
For more on JBoss 7 security, see WildFly Security Realms.
Authenticated Remoting Call
How do I inject the credentials on the client so I actually make an authenticated remoting call?
Remoting and JMX Access
JBoss Remoting provides the transport of the JSR-160 Java Management Extensions (JMX) Remote API compliant implementation of a JMXConnector that can be used by standard monitoring applications (such as VisualVM) to access the JMX bus. This is why JBoss Remoting configuration and security is relevant when an external JMX client needs access to JBoss.
For practical details on how various JMX clients can connect to WildFly instances, see:
Threading Model
All invocations arriving on the subsystem's connectors are handled by the subsystem's threads, which are all grouped under the worker thread pool. Various worker thread pool attributes are configured on the worker-thread-pool element. For more details on configuring the thread pool, see:
Also see: